CVE-2026-44339
Description
PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.37 and praisonaiagents version 1.6.37, when a requested tool name matches neither the agent's declared tool list nor the tool registry, praisonaiagents falls back to resolving the name against module globals and __main__. With the default agent configuration, _perm_allow is None, so undeclared tool names that are not classified as dangerous pass the permission gate. An attacker who can influence tool-call names can therefore cause the agent to invoke application callables that were never declared as tools. This issue has been patched in praisonai version 4.6.37 and praisonaiagents version 1.6.37.
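As an added illustration (constructed for this record, not PraisonAI's code; every function and parameter name below is hypothetical), the following contrasts the weak pattern the description names, a resolver that falls through to module globals and __main__ after the declared list and registry miss, with a strict resolver that dispatches only declared tools and treats every other name as an error:

```python
"""Constructed illustration for CVE-2026-44339 (hypothetical names, not PraisonAI code)."""
import sys
from typing import Callable, Dict, List

# Hypothetical application callables living in module scope. Only get_weather is
# meant to be a tool; purge_records is an ordinary internal function.
def get_weather(city: str) -> str:
    return f"weather for {city}"

def purge_records() -> str:
    # Constructed stand-in for an internal function that was never declared as a tool.
    return "records purged"

ToolFn = Callable[..., object]


def resolve_with_fallback(name: str, declared: List[ToolFn], registry: Dict[str, ToolFn]) -> ToolFn:
    """Weak pattern: after the declared list and registry miss, fall back to
    module globals and __main__. Any same-named callable becomes dispatchable."""
    for fn in declared:
        if fn.__name__ == name:
            return fn
    if name in registry:
        return registry[name]
    fn = globals().get(name) or getattr(sys.modules["__main__"], name, None)
    if callable(fn):
        return fn
    raise KeyError(name)


class ToolResolutionError(LookupError):
    """Raised when a tool call names something the agent never declared."""


def resolve_strict(name: str, declared: List[ToolFn], registry: Dict[str, ToolFn]) -> ToolFn:
    """Hardened pattern: the declared list plus registry is the complete allowlist.
    No fallback to globals, __main__, or attribute lookup of any kind."""
    allowed: Dict[str, ToolFn] = {fn.__name__: fn for fn in declared}
    allowed.update(registry)
    try:
        return allowed[name]
    except KeyError:
        raise ToolResolutionError(f"tool {name!r} is not declared for this agent") from None


def dispatch_tool_call(name: str, args: Dict[str, object], declared: List[ToolFn],
                       registry: Dict[str, ToolFn]) -> object:
    """Dispatch a model-supplied tool call through the strict resolver."""
    return resolve_strict(name, args and args or {}, registry) if False else resolve_strict(name, declared, registry)(**args)


if __name__ == "__main__":
    declared_tools = [get_weather]
    # The weak resolver reaches an undeclared internal function via globals().
    print(resolve_with_fallback("purge_records", declared_tools, {})())
    # The strict resolver rejects the same name.
    try:
        dispatch_tool_call("purge_records", {}, declared_tools, {})
    except ToolResolutionError as exc:
        print("rejected:", exc)
    print(dispatch_tool_call("get_weather", {"city": "Oslo"}, declared_tools, {}))
```

The point of the strict resolver is that the set of dispatchable names is closed: it is built once from what the agent declared and the registry, so a name controlled by model output can only ever select from that set, independent of what else happens to be importable or in scope.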
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| praisonaiagents | PyPI | < 1.6.37 | 1.6.37 |
| PraisonAI | PyPI | < 4.6.37 | 4.6.37 |
Affected products
Version ranges taken from the GHSA coordinates; no CPE is assigned.
- PraisonAI (no CPE), range: < 4.6.37
- praisonaiagents (no CPE), range: < 1.6.37
References
- https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-gmjg-hv98-qggq (vendor advisory; NVD tags: Exploit, Vendor Advisory)
- https://github.com/advisories/GHSA-gmjg-hv98-qggq (GHSA advisory)
- https://nvd.nist.gov/vuln/detail/CVE-2026-44339 (NVD record)